Survey Roundup: Lack of Confidence, Lack of Trust

Wall Street Journal

A look at some recent surveys and reports dealing with risk and compliance issues. Send surveys and reports to wsjrisk@wsj.com.

A survey of 102 financial organizations and 151 retail organizations in the U.K., all of which process card payments, found 40% of respondents said they don’t believe recent high-profile cardholder breaches have changed the level of attention executives give to security, compliance management firm Tripwire reported. Other nuggets from the survey: 36% don’t have confidence in their companies’ incident response plan, and 51% are only somewhat confident their security controls can detect malicious applications.

A survey of CEOs by PwC found 49% saying a lack of trust in business is hampering their company’s growth prospects, and 72% of global CEOs saying excessive regulation is the top threat they face. The survey also found 80% said it’s important for their business to measure and reduce its environmental footprint, with more than 75% saying satisfying wider societal needs and protecting the interests of future generations is important to their business.

The latest Conflict and Political Violence Index by risk analytics firm Maplecroft says the levels of conflict and political violence have risen in 48 countries over the last six months. The index lists Syria, Central African Republic, Iraq, South Sudan, Afghanistan, Somalia, DRC, Libya, Sudan and Pakistan as the highest risk countries—and lists Colombia, Nigeria, Philippines, India, Bangladesh, Thailand, China, Indonesia and Turkey as countries with “high” or “extreme risk.”

The Terrorism Risk Insurance Act, whose extension is pending before Congress, is critical to ensuring the availability of workers’ compensation insurance, a Rand Corp. study concluded. TRIA provides a financially sound vehicle for ensuring a stable market for workers’ compensation coverage provided by insurers and reinsurers, many of which otherwise would likely limit the availability of the coverage, especially as it relates to nuclear, biological, chemical or radiological attacks, the report said.

A ThreatTrack Security survey of 200 IT security managers and administrators who work in the financial services and energy sectors found 72% said they expect their company to be the target of a cyberattack in the next year. Half of the respondents said their organizations plan to train existing IT staff on new technologies and cybersecurity strategies, 35% said they will implement new policies such as limiting network access privileges and educating employees, and 34% will invest in advanced malware detection technology.

One-third of respondents said 33% of consumers would shop elsewhere if their retailer of choice is breached, according to a survey by data management firm Identity Finder. Other results from the survey: 30% of patients would find a new health-care provider if their hospital/doctor’s office is breached, and 24% of consumers would switch bank/credit card provider if the institution is breached.

The 2014 Navex Global Ethics and Compliance Hotline Benchmark Report found a 33% increase in the number of incident reports filed per 100 employees between 2009 and 2013. The number of incidents related to accounting, auditing and financial reporting was unchanged at 3%, while the number related to bribery, fraud and conflicts of interest rose from 16% in 2009 to 18% last year.

NASA was among three agencies, including the Department of Veterans Affairs and the Department of Health and Human Services, that reported more than 6,000 cybersecurity-related incidents, according to a report to Congress by the Office of Management and Budget. The report said 81% of government computers are scanned by automated software that searches for common cyber vulnerabilities, down from 83% in the previous year’s report.

A survey of 150 IT professionals found that security challenges increase when proper network visibility for incident detection and resolution is lacking. The survey by network management firm Emulex Corp. found 38% cited the struggle to capture network behavior for incident detection as a big issue, with 35% citing monitoring network flows for anomalous behavior and 29% citing the ability to capture and analyze logs from network and security devices.

A survey of nearly 400 treasurers and other financial professionals by software and IT services firm SunGard found 80% said their organizations aren’t following a standardized and controlled payment management workflow across all of their entities, a key practice in fraud prevention. It also found 25% of companies use more than 10 cash management banks and 23% of those companies maintain more than 1,000 bank accounts, compounding a lack of standards and leading to poor cash visibility with complex banking relationships.

Twenty-two percent of the chief financial officers surveyed by TD Bank cited government regulation as their top concern, tied with the competitive environment. The CFOs also cited political gridlock (15%), global volatility (14%) and the cost of doing business as other concerns.

Data security firm AppRiver said it quarantined nearly 14 billion pieces of unsolicited email in the first quarter of 2014. The company’s Q1 Global Security Report said nearly 11 billion pieces of email delivered malware in the quarter, adding that at one point in January one in every 10 pieces of email was malicious.

Many executives express concerns about their existing cyber incident response plans, despite a number of high-profile breaches. The uncertainty surrounding cyber incident response presents an opportunity to educate the executive team on cyber resilience, the coordinated set of enterprisewide activities designed to help organizations respond to, and recover from, a variety of cyber incidents, while reducing their impact to business operations, cost and brand damage.
